Why Property and Casualty and Life Insurers Must Prepare for GDPR Too

Learn how to protect personal data of individuals to help achieve GDPR compliance

Julie SkeenJuly 20, 2017

Download White Paper

We are now less than one year away from the General Data Protection Regulation (GDPR) taking effect for EU organizations or Non-EU companies that are doing business with EU citizens. GDPR is non-industry specific and is being put in place to protect personal data of individuals living within the EU.  The goal of GDPR is to lessen or eliminate the vulnerabilities of identity theft, and to empower individuals with knowledge about how and where their personal data is being collected, for what purpose, and to direct how and where their personal information can be used.

According to Insurance Business Magazine, “any company handling European citizen data will have to comply with this incoming regulation by May 25, 2018, and businesses in the insurance sector are by no means an exception. If anything, GDPR is of more relevance to insurers as brokers and underwriters require customer data to create and implement effective policies.”

As Insurance Business Magazine states, the insurance industry must comply or the executive suite is going to quickly realize that non-compliance will result in business impacting fines and not a simple slap on the wrist; a first offense can potentially cost as much as 20 million Euro or 4% of annual revenue. Many insurance companies are scrambling to prepare for GDPR compliance to make certain they can answer a series of straightforward questions.

  • Are we taking a centralized or federated approach to data governance?
  • What methods will we be using to document the identification of personal data?
  • How are we going to utilize analytics to identify and monitor all sources of personal data?

Complying with GDPR 

Complying with data protection laws sound simple, but it is far from it; endpoint protection and firewalls are a good start, but that’s just the tip of the iceberg regarding what’s required for compliance. Insurers also need to ensure data governance by putting data controls in place to conduct automated data checks on personal data to detect data reasonability (out of range), data conformity, and data accuracy. All are methods to address data quality and detect unusual activity that can be promptly flagged as abnormal.

Data governance doesn’t stop there. GDPR compliance gives individual citizens of Europe power over their own data and will require insurers to actively manage, secure, and govern data throughout its entire life-cycle. Once data quality for personal data has been settled, there is a very simple framework that should help address data governance needs. That framework includes the following two prerequisites:

Understanding Your Data: Understanding how to identify and classify the inventory of personal data that your organization has inventoried.

Data Lineage: Understanding how and where data enters your organization and the diverse storage and integration points that the data flows through.

Insurers that can protect personal data will help themselves comply with GDPR. Although this may seem like a burden at first, in the long run, having a complete understanding of enterprise data, its source, usage and retention is considered a best practice and will no doubt be a competitive advantage in the insurance industry. Now insurers just need a solution that can put data controls in place and conduct automated data checks as part of a data governance solution. 


A platform that harnesses the power of data governance, data quality, and machine learning analytics covers a broad spectrum of what’s required. Utilizing all three capabilities in one platform removes the necessity for complex integration and reporting. In addition, a series of end-to-end data controls provides transparency to meet all GDPR information privacy and security compliance standards. Using the right set of solutions, insurers can ensure integrity from source system to any destination, profile and identify critical data, as well as classify, document and govern their most important data assets.

To learn more about GDPR and protecting customer data, download the white paper below.

Get Insights

For a deeper dive into this topic, visit our resource center. Here you will find a broad selection of content that represents the compiled wisdom, experience, and advice of our seasoned data experts and thought leaders.

Download White Paper